Clients cannot ping each other.

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

mynkow
OpenVpn Newbie
Posts: 7
Joined: Sun Feb 06, 2011 10:21 pm

Clients cannot ping each other.

Post by mynkow » Sun Feb 06, 2011 10:29 pm

Hi,

I have 3 computers in a VPN with OpenVPN. Everything is UP, all clients can see the server, and the server can see all the clients. The problem is that clients cannot see each other. I followed this tutorial http://www.informit.com/articles/article.aspx?p=605499 step by step. I also added a static route in my router's configuration as described here: http://www.informit.com/articles/articl ... 9&seqNum=5. Can you help and advise me where my problem is?

EDIT: the server is windows 7. I also changed the registry entry IPEnableRouter -> 1

Best regards

hostizzle
OpenVpn Newbie
Posts: 12
Joined: Mon Feb 07, 2011 5:15 am

Re: Clients cannot ping each other.

Post by hostizzle » Mon Feb 07, 2011 5:17 am

http://backreference.org/2010/05/02/con ... n-openvpn/

I hope this is not a live installation---I have made my clients very sad when I messed around with iptables on the live server.

Hopefully your luck will prove better than mine.


Re: Clients cannot ping each other.

Post by mynkow » Mon Feb 07, 2011 6:52 am

hostizzle wrote: http://backreference.org/2010/05/02/con ... n-openvpn/

I hope this is not a live installation---I have made my clients very sad when I messed around with iptables on the live server.

Hopefully your luck will prove better than mine.

10x :)

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Clients cannot ping each other.

Post by maikcat » Mon Feb 07, 2011 1:02 pm

hi there,

do you use the client-to-client directive inside the server's config?

cheers,

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"


Re: Clients cannot ping each other.

Post by mynkow » Mon Feb 07, 2011 1:11 pm

maikcat wrote: hi there,

do you use the client-to-client directive inside the server's config?

cheers,

michael.

No, I added a: push "route 192.168.10.0 255.255.255.128" and now it is working. The problem now is that other things stopped working, like Teamviewer etc. My router is 192.168.50.1 and below is the client configuration. Maybe I am missing some push/route configuration. If I stop openvpn then Teamviewer starts working.

client
dev tap
#dev-node MyTAP  # If you renamed your TAP interface or have more than one TAP interface, remove the # at the beginning and change "MyTAP" to its name
proto udp
remote domain.com 1194  # You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
route 192.168.50.0 255.255.255.0 vpn_gateway 3  # This is the IP address scheme and subnet of the normal network your server is on. Your router would usually be 192.168.1.1
push "route 192.168.10.0 255.255.255.128"
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt"  # Change the next two lines to match the files in the keys directory. This should be different for each client.
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key"  # This file should be kept secret
ns-cert-type server
cipher BF-CBC        # Blowfish (default) encryption
comp-lzo
verb 1


Re: Clients cannot ping each other.

Post by maikcat » Mon Feb 07, 2011 4:00 pm

hi there,

try to use client-to-client in the server config and tell us the results..

cheers,

michael.

Re: Clients cannot ping each other.

Post by mynkow » Mon Feb 07, 2011 7:19 pm

maikcat wrote: hi there,

try to use client-to-client in the server config and tell us the results..

cheers,

michael.

Hey guys,
client-to-client did not fix the problem. Here is the server config:

local 192.168.50.2  # This is the IP address of the real network interface on the server connected to the router
port 1194  # This is the port OpenVPN is running on - make sure the router is port forwarding this port to the above IP
proto udp  # UDP tends to perform better than TCP for VPN
mssfix 1400  # This setting fixed problems I was having with apps like Remote Desktop
route 192.168.10.0 255.255.255.128
push "route 192.168.50.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.128"
push "dhcp-option DNS 192.168.50.1"  # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
push "dhcp-option DNS X.X.X.X"  # A second DNS server if you have one
dev tap
#dev-node MyTAP  # If you renamed your TAP interface or have more than one TAP interface, remove the # at the beginning and change "MyTAP" to its name
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.10.0 255.255.255.128  # This assigns the virtual IP address and subnet to the server's OpenVPN connection. Make sure the Routing Table entry matches this.
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"  # This will force the clients to use the home network's internet connection
keepalive 3 15
cipher BF-CBC        # Blowfish (default) encryption
comp-lzo
max-clients 100  # Assign the maximum number of clients here
persist-key
persist-tun
client-to-client
route-method exe
route-delay 2
status openvpn-status.log
verb 1  # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting

# lines starting with # or ; will not be read by OpenVPN


Re: Clients cannot ping each other.

Post by maikcat » Tue Feb 08, 2011 10:25 am

hi there,

your config


local 192.168.50.2
port 1194
proto udp
mssfix 1400
route 192.168.10.0 255.255.255.128
push "route 192.168.50.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.128"
push "dhcp-option DNS 192.168.50.1"
push "dhcp-option DNS X.X.X.X"
dev tap
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.10.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
keepalive 3 15
cipher BF-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
client-to-client
route-method exe
route-delay 2
status openvpn-status.log
verb 1

my suggestion

local 192.168.50.2 # is your pc multihomed?
port 1194
proto udp
push "route 192.168.50.0 255.255.255.0"
push "dhcp-option DNS 192.168.50.1"
push "dhcp-option DNS X.X.X.X"
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.10.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
keepalive 3 15
cipher BF-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
client-to-client
route-method exe # use it ONLY if you have a problem, otherwise REMOVE it
route-delay 2
status openvpn-status.log
verb 1


**change your clients config also (tap-->tun)

cheers,

michael.

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: Clients cannot ping each other.

Post by krzee » Tue Feb 08, 2011 10:34 am

and remove the 2 after route-delay
the default of 30 should be fine... if using 2 worked, odds are you didn't need the option at all


Re: Clients cannot ping each other.

Post by mynkow » Tue Feb 08, 2011 11:29 am

Hi people!!!

I still have troubles even following your last 2 advices :s. But I also have an improvement. I added route 192.168.50.0 255.255.255.0 to the server config. Here I should say that:

server: windows 7, ip:192.168.50.2 (real machine)
client1: windowsXP, ip:192.168.50.150 (Virtual machine virtualbox - bridge)
client2: windows 2003 server , other network (Virtual machine vmware - bridge)

so, after I added the line route 192.168.50.0 255.255.255.0 I got everything UP in client2. Now I have internet and other applications running. Client 1 is still dead. There I have only file share. I think the problem is that both client and server are in the local network and the client connects to the server through the real IP, but I am not sure. Do you have any suggestions?

PS: I think I am not multihomed because I hear this for the first time, and after reading what that is I would say, NO.


Re: Clients cannot ping each other.

Post by maikcat » Wed Feb 09, 2011 9:55 am

hi there,

testing a vpn using both ends inside the same lan AND pushing
routes that refer to the lan you are already in is a *VERY BAD* idea
and it's definitely not the proper way to test a vpn connection...

i suggest you find a pc OUTSIDE your lan with a DIFFERENT lan subnet
and test it.

michael.

Re: Clients cannot ping each other.

Post by mynkow » Wed Feb 09, 2011 10:26 pm

You were right. I removed the push and now I am online. Thank you so much.

BEST REGARDS
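
As an added example (not from the thread or from the OpenVPN project), this Python check looks for the condition maikcat describes above: a pushed route, or the VPN subnet itself, overlapping the LAN a client already sits on. The function names are hypothetical, the directives are the ones posted in the thread, and 10.20.30.0/24 is a constructed stand-in for client2's network, which the thread does not give.

```python
import ipaddress
import shlex

def _net(addr, mask="255.255.255.255"):
    # OpenVPN writes routes as "network netmask"; a missing mask means a host route.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_server_config(text):
    """Return (pushed_routes, vpn_subnet) from OpenVPN server config text."""
    pushed, vpn_subnet = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops "# ..." comments
        if not tokens or tokens[0].startswith(";"):
            continue
        if tokens[0] == "server" and len(tokens) >= 3:
            vpn_subnet = _net(tokens[1], tokens[2])
        elif tokens[0] == "push" and len(tokens) >= 2:
            inner = tokens[1].split()
            if len(inner) >= 2 and inner[0] == "route":
                pushed.append(_net(*inner[1:3]))
    return pushed, vpn_subnet

def lan_conflicts(text, client_lan):
    """List (kind, network) pairs that overlap the LAN the client sits on."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    pushed, vpn_subnet = parse_server_config(text)
    found = [("pushed-route", str(n)) for n in pushed if n.overlaps(lan)]
    if vpn_subnet is not None and vpn_subnet.overlaps(lan):
        found.append(("vpn-subnet", str(vpn_subnet)))
    return found

# Server directives copied from the config posted in the thread.
THREAD_SERVER_CONFIG = r'''
local 192.168.50.2
push "route 192.168.50.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.128"
push "dhcp-option DNS 192.168.50.1"
server 192.168.10.0 255.255.255.128
push "redirect-gateway def1"  # not a route, ignored by this check
client-to-client
'''

if __name__ == "__main__":
    # client1 is on the server's own LAN; client2's LAN is a constructed value.
    for name, lan in [("client1", "192.168.50.150/24"), ("client2", "10.20.30.0/24")]:
        print(name, lan_conflicts(THREAD_SERVER_CONFIG, lan) or "no overlap")
```
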
